Network World
Friday, November 21, 2008
Cisco Subnet Community

Solution?

What hasn't been hacked, altered, and yet we still continue to attempt to fix it with broken encryption models that don't work. When will people start thinking like the hackers? I know of 1 solution http://www.dreamstream.info

Click to read the article this is in response to.

Lots of proof-of-concept in the lab

Cisco has had tons of bad news this week on the security front. The FBI freaks out about possible malware embedded in fake Cisco gear it found in the DoD's infrastructure. Today, Cisco issued patches to fix holes in Call Manager that could allow DoS attacks. But interestingly, in this case with the first Cisco rootkit, it is a proof-of-concept rootkit, written by a researcher. Same goes for the fake gear the FBI found -- the fear was caused by the fact that researchers have shown how it could be done -- not that they found evidence of malware in the actual fake gear.

Go to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, book giveaways, and more.

A criminal is much more

A criminal is much more motivated than a security researcher, I am sure they already know how to rootkit a Cisco IOS and are smart enough to KEEP THEIR MOUTH SHUT!

Cisco is not immune to anything!!!

I guess Cisco has had a good run for a while. This proves that Cisco is not immune to anything after all. People need to think carefully and not put blind trust in self-proclaimed IT security GOD "CISCO" !!!!

I am glad we have a diversified layered security solution that puts us in a better position. But all security with Cisco is shot in the foot!

RE: diversified security...

Saying "all security with cisco is shot in the foot" is not a very intelligent thing to say. Name me one product that is 100% free from vulnerability or exploitation.

While it is true that diversified security has value...the same can be said about a comprehensive, complementing product line designed to work together and be tightly-linked/fully inter-operable. Configuration, logging, notices, alerts, etc etc are easier to manage and audit, and there are many other beneficial factors as well.

All this article "proves" is that admins need to be diligent with their patching (as is true with all devices, applications, and operating systems) and adhere to decent password policies that address password strength, storage, sharing, and changing. It's really not that difficult to install a rootkit once access is obtained...

IT security GOD ?

Wow, that's the first time I've seen someone label Cisco as "security GOD".
Usually I come across quite the opposite statements - box movers, HW company without any intelligence, those-who-buy-everything-and-doing-nothing etc.

"Security GOD", good, at least someone knows that Cisco has some security products/knowledge as well...
As for the rootkit, it was only a matter of time.

Diversify

With time, money and motivation anything can be hacked into. Don't gimme that "mine is not hackable" chorus. Unfortunately for Cisco their gear provides the largest sandbox in the world. A great launchpad for malware. If you care about security you will diversify your network equipment and not shoehorn yourself into the unique benefits or disadvantages of one vendor.

A secure environment mitigates this risk

In order to deploy these rootkits, someone needs device access. Imagine that you're using two-factor authentication to login, and logging all commands entered to a hardened, unmodifiable syslog server. If someone attempts to install the rootkit, there will at least be an audit trail that can be used against them (assuming they weren't smart enough to block the system log messages that indicated it was installed).

Once there is more information, it should be easy to identify measures to mitigate this risk.

A scary scenario would be a remote code vulnerability that allowed for a remote rootkit install. This would allow a worm to be created. The only thing you can do here is make sure you keep up on vulnerabilities and firmware releases, and hope Cisco writes better code ;)
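Added example, not part of the comment above or of the original page: a check a syslog collector could run over IOS command-logging messages to surface the caveat raised there, namely someone changing the logging setup or log messages going missing. The sample lines, host name, user name and line layout are constructed assumptions.

```python
import re

# Constructed sample, not captured traffic. Assumed shape of each line on the
# collector: "<date> <time> <host> <seq>: <IOS message>", i.e. the devices run
# "service sequence-numbers" and log configuration commands to syslog.
SAMPLE = [
    "Nov 21 10:02:11 rtr1 101: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: jdoe]",
    "Nov 21 10:02:40 rtr1 102: %PARSER-5-CFGLOG_LOGGEDCMD: User:jdoe  logged command:interface GigabitEthernet0/1",
    "Nov 21 10:03:05 rtr1 103: %PARSER-5-CFGLOG_LOGGEDCMD: User:jdoe  logged command:no logging host 192.0.2.10",
    "Nov 21 10:09:30 rtr1 110: %SYS-5-CONFIG_I: Configured from console by jdoe on vty0",
]

HEAD_RE = re.compile(r"^\w{3}\s+\d+\s[\d:]+\s(?P<host>\S+)\s(?P<seq>\d+):\s(?P<body>.*)$")
CMD_RE = re.compile(r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+logged command:(?P<cmd>.+)$")
# Commands that switch off, redirect or weaken the audit trail itself.
TAMPER_RE = re.compile(
    r"^(no\s+(logging|archive|service\s+(sequence-numbers|timestamps))|logging\s+(host|trap))\b",
    re.I,
)


def audit(lines):
    """Return (host, kind, detail) findings for logging changes and sequence gaps."""
    findings, last_seq = [], {}
    for line in lines:
        head = HEAD_RE.match(line)
        if not head:
            continue  # not in the assumed layout; a real collector would count these
        host, seq = head["host"], int(head["seq"])
        prev = last_seq.get(host)
        if prev is not None and seq > prev + 1:
            # UDP syslog can drop packets, so a gap is a lead to follow up, not proof.
            findings.append((host, "sequence-gap", f"{seq - prev - 1} message(s) missing after {prev}"))
        elif prev is not None and seq <= prev:
            # Counter went backwards: reload or counter reset on the device.
            findings.append((host, "sequence-reset", f"{prev} -> {seq}"))
        last_seq[host] = seq
        cmd = CMD_RE.search(head["body"])
        if cmd and TAMPER_RE.search(cmd["cmd"].strip()):
            findings.append((host, "logging-change", f"{cmd['user']}: {cmd['cmd'].strip()}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```
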

Security 1st

This is a very interesting find and should hopefully entice and continue to motivate companies to stress the importance of security management. Great stuff Sebastian!
